II. General information on data processing

Scope of personal data processing

We collect and use our users’ personal data only to the extent that is required to provide a functional website and our content and services. Our users’ personal data are lawfully collected and processed only after obtaining the consent of the respective user. Exceptions apply to cases where obtaining prior consent is not possible due to factual reasons and data processing is permitted by legal stipulations.

Legal basis for processing personal data

In cases where we obtain the data subjects’ consent to process personal data, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

For processing personal data that are required for performing a contract into which the data subject has entered, Art. 6(1)(b) of the GDPR serves as the legal basis. This also includes processing operations required to implement pre-contractual measures.

In cases where processing personal data is necessary to fulfill our company’s legal obligations, Art. 6(1)(c) of the GDPR serves as the legal basis.

If vital interests of the data subject or another natural person require personal data processing, Art. 6(1)(d) of the GDPR serves as the legal basis.

In cases where data processing is necessary to protect legitimate interests of our company or a third party and where the interests as well as the fundamental rights and freedoms of the data subject do not outweigh the mentioned interests, Art. 6(1)(f) of the GDPR serves as the legal basis.

Erasure of data and storage periods

The data subjects’ personal data will be erased or made unavailable as soon as the purpose of the storage expires. Personal data may be retained if required by European or national legislation in the form of EU regulations, laws, or other provisions the controller is subject to. Data will also be erased or made unavailable if the storage period stated in the above-mentioned rules expires unless continuing the retention of the data is required for the conclusion or fulfillment of a contract.

III. Provision of the website and creation of log files

Description and scope of data processing

Whenever a user visits our website, our system automatically collects data and information on the system of the calling computer.

The following data are collected:

Information on the browser type and version

The user’s operating system

The user’s internet service provider

The user’s IP address

Date and time of access

Websites from which the user’s system was directed to our website

Websites the user’s system calls up via our website

The data are also stored in our system’s log files. This does not apply to the user’s IP addresses and other data that would make it possible to connect the stored data with a user. This kind of data and other personal data of the user are not stored.

Legal basis for data processing

Art. 6(1)(f) of the GDPR is the legal basis for the temporary retention of data.

Purpose of data processing

The temporary retention of a user’s IP address by the system is required to deliver the website to the user’s computer. For this purpose, it is necessary to retain the user’s IP address throughout the entire session.

This purpose constitutes our legitimate interest in data processing pursuant to Art. 6(1)(f) of the GDPR.

Storage period

The data will be erased as soon as they are no longer required to fulfill the purpose for which they were collected. This means that data collected for providing the website will be erased when the respective session expires.

Right to object and opt out

Collecting data for providing the website and retaining them in log files is obligatory for operating the website. Therefore, the user does not have the option to object to this procedure.

IV. Use of Cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files that are saved in the internet browser. More specifically, they are saved in the user’s computer system by the internet browser. If a user visits a website, cookies may be saved in the user’s operating system. Such cookies contain a characteristic sequence of characters that allows for a clear identification of the browser when the same user visits the website again.

We use cookies to make our website more user-friendly. For some parts of our website, it is necessary that the accessing browser can be identified even after the user has moved from one page to another.

In those cases, the following data will be stored and transmitted by cookies:

Log-in information

Additionally, we use cookies on our website that enable us to analyze the users’ surfing behavior.

The following data may be transmitted:

Search terms entered

Frequency of site visits

Use of the website’s functions

When a user visits our website, he or she is informed about the use of cookies for analysis purposes and his or her consent to the processing of personal data used in this context is obtained. In this process, we also point out the present privacy statement.

Legal basis for data processing

Art. 6(1)(f) of the GDPR serves as the legal basis for personal data processing using technically necessary cookies.

Art. 6(1)(a) of the GDPR serves as the legal basis for personal data processing using cookies for analysis purposes if the respective user’s consent has been obtained.

Purpose of data processing

The purpose of technically necessary cookies is to facilitate the use of websites for users. Some functions of our website cannot be provided without the use of cookies. They require the browser to be identifiable even after a user has moved from one page to another.

Cookies are required for the following applications:

Log-in information

Search terms entered

Frequency of site visits

Use of the website’s functions

User data collected by technically necessary cookies are not used to create user profiles.

We use analytical cookies to improve the quality of our website and its content. Analytical cookies tell us how the website is used, allowing us to continuously improve our services.

We also use cookies to improve the quality of our website for users and to facilitate future visits to our website.

Cookies are saved to the user’s computer and therefrom transmitted to our website. This means that you as the user have full control over the use of cookies. By changing your internet browser’s settings, you can deactivate or restrict the transmission of cookies. Cookies that have been saved can be deleted at any time. The deletion of cookies can also be automated. If cookies are deactivated, it may be possible that some functions of our website cannot be fully used.

V. Newsletter

Description and scope of data processing

Users can subscribe to a free newsletter on our website. When subscribing to the newsletter, the following data collected from the input mask will be transmitted to us:

Email address

First name

Surname

Additionally, the following data are collected during the subscription process:

IP address of the calling computer

Date and time of registration

To be able to process the data, we obtain your consent during the subscription process and refer to the present privacy statement.

Data collected for the purpose of providing the newsletter will not be disclosed to third parties. The data will be used exclusively for providing the newsletter.

Legal basis for data processing

Art. 6(1)(a) of the GDPR serves as the legal basis for data processing following the subscription to the newsletter if the respective user’s consent has been obtained.

Purpose of data processing

We collect the user’s email address to deliver the newsletter.

Other personal data collected in the course of the subscription process are used to avoid the misuse of our services or the respective email address.

Storage period

The data will be erased as soon as they are no longer required to fulfill the purpose for which they were collected. This means the user’s email address will be retained for the duration of an active subscription to the newsletter.

Right to object and opt out

The user may cancel his or her subscription to the newsletter at any time. Every newsletter contains a link for this purpose.

The link also offers the possibility to withdraw the consent to the retention of the personal data collected during the subscription process.

VI. Contact form

Description and scope of data processing

A contact form on our website offers users the possibility to request to be contacted via email or telephone. The following personal data of a user using the contact form will be collected:

First name

Surname

Address

Zip code

City

Country

The data collected in this context will not be shared with third parties. They will be used exclusively for handling communication with you.

Legal basis for data processing

Art. 6(1)(a) of the GDPR serves as the legal basis for data processing with the user’s consent.

Art. 6(1)(f) of the GDPR serves as the legal basis for processing data transmitted by a sent email. If it is the intent of the communication via email to enter into a contract, Art.6 (1)(b) of the GDPR will additionally apply.

Purpose of data processing

The reception of an email constitutes a legitimate interest in processing data for us.

Storage period

The data will be erased as soon as they are no longer required to fulfill the purpose for which they were collected. This means that personal data transmitted via email will be deleted after the conversation with the user has ended. The conversation will be considered ended when the circumstances suggest that the respective matter has been fully resolved.

Right to object and opt out

The user may at any point withdraw his or her consent to the processing of the personal data. A user may at any time object to the retention of his or her personal data by sending us an email. In such a case, the conversation cannot be continued.

All personal data collected when the conversation was initiated will be erased in such a case.

VII. Disclosure of data to third parties

Scope of personal data processing

To process orders and fulfill our contractual duties in relation to customers, personal data will be disclosed to the following companies:

The data are disclosed to above-mentioned parties to fulfill a contract into which the user has entered or to implement pre-contractual measures. Therefore, Art. 6(1)(b) of the GDPR serves as the legal basis for data processing.

3. Purpose of data processing

The collected data are necessary to fulfill a contract. The data collected are also required to identify the user and ensure an orderly delivery of the requested goods.

4. Storage period

The data will be erased as soon as they are no longer required to fulfill the purpose for which they were collected.

This means that data collected in the registration process required for fulfilling a contract or implementing pre-contractual measures will be erased as soon as the data are no longer needed for performing the contract. It may be necessary to retain personal data even after the conclusion of a contract in order to fulfill contractual and legal obligations.

5. Right to object and opt out

As a user you have the right to terminate your registration at any time. You may at any time request rectification of your personal data.

Data necessary to fulfill a contract or implement pre-contractual measures may only be erased if the erasure does not violate contractual or legal obligations.

VIII. Social media plug-ins

Scope of personal data processing

Our website uses social plug-ins. The social plug-ins on our website are deactivated by default. Data will only be transmitted to the respective social network by clicking and thus activating the social plug-in. The activation of the social plug-in ends when your cookies are deactivated or deleted.

Following activation, a direct connection to the server of the respective social network is established. The content of a button will then be transmitted directly from the respective social network to your browser, which in return incorporates the content into the website.

After activating a button, the respective social network will be able to collect data, regardless of whether or not you interact with the button. If you are logged in to a social network, it is able to link your visit of our website to your account. If you are registered to a social network and do not want the data collected when visiting our website to be added to your account data, you have to log out of the respective network before activating the buttons.

The scope of data collected by social networks through their buttons is beyond our sphere of influence. For information on the purpose and scope of the data collected, processed, and used by social networks as well as on your respective rights and options regarding your privacy settings, please refer to the privacy statements of the respective social networks.

1.1. Facebook plug-in (Like button)

Our website features plug-ins of the social network Facebook, Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA. Facebook plug-ins on our website are marked with the Facebook logo or the Like button. An overview of all Facebook plug-ins can be found here: http://developers.facebook.com/docs/plugins/.

When activating the plug-in, a direct connection between your browser and the Facebook server will be established. As a result, Facebook will receive the information that you have visited our website using your IP address. By clicking Facebook’s Like button while logged in to your Facebook account, you will be able to link content of our website to your Facebook profile. This enables Facebook to link the visit of our website to your account. We draw your attention to the fact that we as the operator of the website have no knowledge of which data are transmitted to Facebook and how they are used. For further information regarding this topic, please refer to Facebook’s data policy: https://www.facebook.com/policy.

If you do not want Facebook to link the visit of our website to your account, please log out of your Facebook account before visiting our website.

1.2. Google +1

You can share information worldwide with the Google +1 button. Via the Google +1 button, you and other users receive personalized content from Google and its partners. Google saves the information that you marked content with +1 as well as information about the website you were viewing when you clicked the +1 button. Content marked by you with +1 may appear to others as a notice together with your account name and photo used for Google services, such as in search results or your Google profile, or elsewhere on websites and in advertisements on the internet.

Google records information about your +1 activities to improve Google services for you and other users. To be able to use the Google +1 button, you require a public Google profile visible worldwide which at least includes your account name. This name will be used across all Google services. In some cases, this name may replace another name you used when sharing content via your Google account. The identity of your Google profile may be displayed to others who know your email address or other identifying information about you.

Google may publish aggregated statistics on users’ +1 activities and discloses them to users and partners like publishers, advertisers, or connected websites. Along with the above-mentioned forms of use, the information provided by you will be used according to the current Google privacy policy. For further information regarding this topic, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=en&gl=en.

1.3. Vimeo

Our website uses plug-ins of Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA. By viewing one of our pages using the Vimeo plug-in, you will be connected to Vimeo’s servers. As a result, the information which ones of our pages you have visited is transmitted to Vimeo. If you are logged in to your Vimeo account, you enable Vimeo to connect your surfing behavior directly to your personal profile. You can prevent Vimeo from doing so by logging out of your account. For further information on how user data are processed, please refer to Vimeo’s privacy policy: https://vimeo.com/privacy.

1.4. Twitter

Our website features plug-ins of Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When you use Twitter and the Retweet function, websites visited by you will be added to your Twitter account and disclosed to other users. Data will also be transmitted to Twitter.

We draw your attention to the fact that we as the operator of the website have no knowledge of which data is transmitted to Twitter and how they are used. For further information regarding this topic, please refer to Twitter’s privacy policy: https://twitter.com/privacy.

Art. 6(1)(a) of the GDPR serves as the legal basis for data processing with the user’s consent.

Right to object and opt out

The user may withdraw his or her consent at any time. The user has the option of deactivating the social plug-ins and deleting his or her cookies.

IX. Website analytics services

Scope of personal data processing

1.1. Google Analytics

This website uses Google Analytics, a web analytics service by Google, Inc. (www.google.com). Google Analytics uses cookies. These are text files that are stored onto your computer and that allow an analysis of how you use our website. The information generated by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area before being transmitted to a Google server. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA to be truncated there. We have activated IP anonymization for this website. Google will on our behalf use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website and internet usage. The IP address transmitted by your browser as part of Google Analytics services will not be merged with any other Google data.

Legal basis for processing personal data

Art. 6(1)(a) of the GDPR serves as the legal basis for data processing with the user’s consent.

We use said functions to analyze website usage and for remarketing purposes. These purposes constitute our legitimate interest pursuant to Art. 6(1)(f) of the GDPR.

Right to object and opt out

You can prevent your browser from installing and saving cookies by changing the respective browser settings. However, we would like to point out that you might not be able to fully use all functions of this website in such a case.

You can, moreover, prevent the collection of data generated by cookies and related to your usage of this website (incl. your IP address) and the processing of said data by Google by downloading and installing the browser plug-in available on the following website: https://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser plug-in, you can click this link to prevent future detection by Google Analytics on this website. When you click this link, an opt-out cookie will be placed on your terminal device. If you delete your cookies, you will have to click the link again.

3.1. Google Fonts

This website uses external fonts (Google Fonts). Google Fonts is a service of Google, Inc. These web fonts are integrated by making a server call. Usually, a Google server in the USA is called. This way, it will be reported to the server which ones of our pages you have visited. What is more, the IP address of the browser of the terminal device used by the visitor to this website will be stored by Google. For further information, please refer to Google’s privacy policy by following this link: www.google.com/policies/privacy/.https://fonts.google.com/about

3.2. Google reCAPTCHA

This website uses the service reCAPTCHA provided by Google, Inc. This service helps distinguish human input from fraudulent automated machine input. In order to make this distinction, the IP address is transmitted to Google. For this purpose, your input will be transmitted to Google for further processing. However, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area before being transmitted to a Google server. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA to be truncated there. As the operator of this website, we have enabled Google to use this information to evaluate your use of this service. The IP address transmitted by your browser as part of the reCAPTCHA service will not be merged with any other Google data. For these data, the diverging privacy policy provisions of Google are applicable. For further information on Google’s privacy policy, please click the following link: https://www.google.com/policies/privacy/.

3.3. Google Maps

This website uses Google Maps to visually display geographical information. When visitors to this website use Google Maps, Google will also collect, process, and use data obtained via the Maps functions. For further information on Google’s data processing policy, please refer to Google’s privacy policy: https://www.google.com/policies/privacy/. Following the link above, you can also change your settings to manage and protect your data by using the Privacy Checkup. For further guidance on managing your data with regard to Google products, please refer to the following website operated by Google: http://www.dataliberation.org/.

X. Advertising and marketing services

Facebook conversion tracking pixel

With your consent, our website uses the conversion tracking pixel service of Facebook, Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA. It allows us to track actions of our users after they have been redirected to our website by clicking a Facebook ad. This way, we are able to record the effectiveness of Facebook ads for statistic and market research purposes. The data collected remain anonymous. This means that we do not have access to the individual users’ personal data. Instead, collected data are retained and processed by Facebook. We are advising you on this matter according to the information currently at our disposal. Facebook can connect these data with data of your Facebook account. Facebook uses the data for its own advertising purposes pursuant to its data policy: https://www.facebook.com/about/privacy/.

Facebook conversion tracking also allows Facebook and its partners to show you ads on and outside of Facebook. For these purposes, cookies will be saved to your computer.

This website uses the ‘Custom Audiences’ retargeting function of Facebook, Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA. When you visit our website, a direct connection between your browser and the Facebook server is established via the retargeting tags. As a result, Facebook will receive the information that you have visited our website with your IP address. This enables Facebook to link the visit of our website to your account. We can use the information collected in this way for displaying Facebook ads. We draw your attention to the fact that we as the operator of the website have no knowledge of which data are transmitted to Facebook and how they are used. For further information regarding this topic, please refer to Facebook’s data policy: https://www.facebook.com/policy.

Art. 6(1)(a) of the GDPR serves as the legal basis for data processing with the user’s consent.

We use these tools to analyze website usage patterns and for promotional activities, which are, among other things, necessary to finance our website. These purposes constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) of the GDPR.

XI. Rights of the data subject

If your personal data are processed, you are considered a data subject within the meaning of the GDPR. This means you have the following rights against the controller:

Right to access

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed by us.

Where this is the case, you have the right to receive access to the following information from the controller:

The purposes for which personal data are being processed

The categories of processed personal data

The recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed

The envisaged period for which personal data concerning you will be stored, or, if exact statements regarding the period are not possible, the criteria used to determine that period

The existence of the right to request from the controller rectification or erasure of personal data concerning you or restriction of processing of personal data concerning you or to object to such processing

The right to lodge a complaint with a supervisory authority

Any available information as to the source of the data where the personal data are not collected from the data subject

The existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

You have the right to be informed whether or not your personal data are transferred to a third country or to an international organization. In this context, you can demand to be informed of the appropriate safeguards pursuant to Art. 46 of the GDPR relating to the transfer.

Right to rectification

You have the right to obtain from the controller rectification and/or completion if the processed personal data concerning you are incorrect or incomplete. The controller is obligated to carry out the rectification without undue delay.

Right to restriction of processing

You have the right to obtain from the controller restriction of processing of your personal data where one of the following applies:

You contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data.

The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.

The controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims.

You have objected to processing pursuant to Art. 21(1) of the GDPR, and the verification whether the legitimate grounds of the controller override your grounds is still pending.

Where processing of personal data concerning you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or a member state.

If the processing has been restricted on above-mentioned grounds, you will be informed by the controller before the restriction of processing is lifted.

Right to erasure

4.1. Obligation to erase personal data

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay, and the controller has the obligation to erase the data without undue delay where one of the following grounds applies:

The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

You withdraw your consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR and there is no other legal ground for the processing.

You object to the processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) of the GDPR.

The personal data concerning you have been unlawfully processed.

The personal data concerning you have to be erased for compliance with a legal obligation in EU or member-state law to which the controller is subject.

The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) of the GDPR.

4.2. Informing third parties

Where the controller has made personal data concerning you public and is obligated pursuant to Art. 17(1) of the GDPR to erase the data, the controller, taking account of available technology and implementation costs, will take reasonable steps, including technical measures, to inform controllers processing the personal data that you as a data subject have requested the controller to erase any links to or copy or replication of those personal data.

4.3. Exceptions

The right to erasure does not apply where processing is necessary:

For exercising the right of freedom of expression and information

For compliance with a legal obligation which requires processing by EU or member-state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

For reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) as well as Art. 9(3) of the GDPR

For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89(1) of the GDPR in so far as the right referred to in (1) is likely to render impossible or seriously impair the achievement of the objectives of that processing

For the establishment, exercise, or defense of legal claims

Right to be informed

If you have asserted your right to rectification, erasure, or restriction of processing against the controller, the controller is obligated to communicate any rectification or erasure of personal data or restriction of processing to every recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about those recipients by the controller.

Right to data portability

You have the right to receive the personal data concerning you which you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit said data to another controller without hindrance from the controller to which the personal data have been provided where:

the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR or on a contract pursuant to Art. 6(1)(b) of the GDPR and

the processing is carried out by automated means.

In exercising this right to data portability, you also have the right to have the respective personal data transmitted directly from one controller to another where technically feasible. This right must not adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you based on Art. 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or unless processing is carried out for the establishment, exercise, or defense of legal claims.

If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Right to withdraw declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. A withdrawal of consent does not prejudice the lawfulness of the processing that had been carried out based on the consent before it was withdrawn.

Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way.

This does not apply if the decision

is necessary for entering into or performance of a contract between you and the data controller;

is authorized by EU or member-state law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

is based on your explicit consent.

However, those decisions must not be based on special categories of personal data referred to in Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in (1) and (3), the data controller will implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the stipulations of the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.